September 18, 2017 Re: The case for integer overflow checks?
Posted in reply to Kagamin
On Monday, 18 September 2017 at 11:42:19 UTC, Kagamin wrote:
> Do they check unsigned integers?
No, I don't believe they do, as unsigned integers are modular in C/C++. (And in D also signed integers are modular).
September 18, 2017 Re: The case for integer overflow checks?
Posted in reply to Andrei Alexandrescu
On Monday, 18 September 2017 at 13:25:55 UTC, Andrei Alexandrescu wrote:
> For the record, with the help of std.experimental.checkedint, the change that fixes the code would be:
>
> malloc(width * height * 4) ==> malloc((checked(width) * height * 4).get)
>
> That aborts the application with a message if a multiplication overflows.
Can it do something other than abort? Can it throw an overflow exception that could be caught to report the error and continue?
Dennis Cote
September 18, 2017 Re: The case for integer overflow checks?
Posted in reply to Dennis Cote
On Monday, 18 September 2017 at 22:32:28 UTC, Dennis Cote wrote:
> On Monday, 18 September 2017 at 13:25:55 UTC, Andrei Alexandrescu wrote:
>> For the record, with the help of std.experimental.checkedint, the change that fixes the code would be:
>>
>> malloc(width * height * 4) ==> malloc((checked(width) * height * 4).get)
>>
>> That aborts the application with a message if a multiplication overflows.
>
> Can it do something other than abort? Can it throw an overflow exception that could be caught to report the error and continue?

Yes. Use one of the provided hooks (e.g. [1][2][3]) or write one that fits your use case.

[1] https://dlang.org/phobos/std_experimental_checkedint.html#Abort
[2] https://dlang.org/phobos/std_experimental_checkedint.html#Throw
[3] https://dlang.org/phobos/std_experimental_checkedint.html#Warn
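An added example, not code from the thread or from Phobos itself: the size computation from Andrei's post, run under the Throw hook that Moritz points to, so an overflow becomes an exception the caller can catch, report and recover from instead of an abort. It assumes a D compiler with the std.experimental.checkedint module linked above; the sample dimensions are constructed, and uint is used so the example also covers unsigned wrap-around, which the checked type detects even though plain C/C++ unsigned arithmetic is modular.

```d
// Added example (not from the thread or from Phobos): the malloc size
// computation from Andrei's post under the Throw and Warn hooks of
// std.experimental.checkedint. Assumes a D compiler whose Phobos still
// ships the module under the std.experimental name linked in the thread.
import std.experimental.checkedint : checked, Throw, Warn;
import std.stdio : stderr, writeln;

// Byte count of a width x height RGBA image, or 0 if the multiplication
// would wrap. uint is used on purpose: Checked detects unsigned overflow as
// well, which plain C/C++ unsigned arithmetic silently wraps instead.
uint rgbaBytesOrZero(uint width, uint height)
{
    try
    {
        // checked!Throw(width) is a Checked!(uint, Throw). Arithmetic with
        // plain integers stays checked and throws Throw.CheckFailure on wrap,
        // where the default Abort hook would terminate the process.
        return (checked!Throw(width) * height * 4u).get;
    }
    catch (Throw.CheckFailure e)
    {
        // Report and let the caller continue, as asked in the thread.
        stderr.writeln("rejecting image dimensions ", width, "x", height,
                       ": ", e.msg);
        return 0;
    }
}

void main()
{
    // Constructed sample dimensions: a normal image and one whose pixel
    // count alone (65536 * 65536 = 2^32) wraps a 32-bit unsigned integer.
    writeln(rgbaBytesOrZero(640, 480));     // 1228800
    writeln(rgbaBytesOrZero(65536, 65536)); // 0, with a message on stderr

    // The Warn hook only reports: it prints a message but still returns the
    // wrapped value, so a caller that ignores the warning would pass a bogus
    // size (here 0) on to the allocator.
    auto wrapped = checked!Warn(65536u) * 65536u * 4u;
    writeln(wrapped.get);                   // 0 after wrap-around
}
```

The choice between hooks is the security decision: Abort fails closed, Throw lets the program reject one bad input and keep serving others, and Warn is only suitable for diagnosing existing code, since the wrapped value still flows into the allocation.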
September 18, 2017 Re: The case for integer overflow checks?
Posted in reply to Moritz Maxeiner
On Monday, September 18, 2017 22:39:09 Moritz Maxeiner via Digitalmars-d wrote:
> On Monday, 18 September 2017 at 22:32:28 UTC, Dennis Cote wrote:
> > On Monday, 18 September 2017 at 13:25:55 UTC, Andrei Alexandrescu wrote:
> >> For the record, with the help of std.experimental.checkedint, the change that fixes the code would be:
> >>
> >> malloc(width * height * 4) ==> malloc((checked(width) * height * 4).get)
> >>
> >> That aborts the application with a message if a multiplication overflows.
> >
> > Can it do something other than abort? Can it throw an overflow exception that could be caught to report the error and continue?
>
> Yes. Use one of the provided hooks (e.g. [1][2][3]) or write one that fits your use case.
>
> [1] https://dlang.org/phobos/std_experimental_checkedint.html#Abort
> [2] https://dlang.org/phobos/std_experimental_checkedint.html#Throw
> [3] https://dlang.org/phobos/std_experimental_checkedint.html#Warn

Yeah, it's really quite flexible with minimal code. Andrei talked about it in his dconf 2017 talk: https://www.youtube.com/watch?v=29h6jGtZD-U

- Jonathan M Davis
September 20, 2017 Re: The case for integer overflow checks?
Posted in reply to Ola Fosheim Grøstad
On Monday, 18 September 2017 at 17:46:52 UTC, Ola Fosheim Grøstad wrote:
> No, I don't believe they do, as unsigned integers are modular in C/C++.

So you can't check third party code because it pervasively uses unsigned integers for lengths, sizes and everything else, obvious example: https://fossies.org/dox/libpng-1.6.32/structpng__info__def.html
September 20, 2017 Re: The case for integer overflow checks?
Posted in reply to Kagamin
On Wednesday, 20 September 2017 at 10:01:14 UTC, Kagamin wrote:
> On Monday, 18 September 2017 at 17:46:52 UTC, Ola Fosheim Grøstad wrote:
>> No, I don't believe they do, as unsigned integers are modular in C/C++.
>
> So you can't check third party code because it pervasively uses unsigned integers for lengths, sizes and everything else, obvious example: https://fossies.org/dox/libpng-1.6.32/structpng__info__def.html
For more complex third party code you have to vet it anyway for bad practices.
For utilitarian libraries it could be quite useful. So, it all depends.
Copyright © 1999-2021 by the D Language Foundation